NetExec v1.4.0 has been released! 🎉 There is a HUGE number of new features and improvements, including: - backup_operator: Automatic priv esc for backup operators - Certificate authentication - NFS escape to root file system And much more! Full rundown: github.com/Pennyw0rth/Net…

I'm at a loss for words with how quick the netexec team puts in fixes. Video has been out for 4 hours, and mpgn already put in a fix. Some open source communities are just flat out amazing. github.com/Pennyw0rth/Net…

The Cyber Security Community is coming together again

Thanks to the awesome work of Aleem Ladha , the CTF Windows Active Directory lab for Barbhack from 2024 is now public! 🔥 You can build the lab and pwn the AD—13 flags to capture! No public write-up exists yet—waiting for someone to submit one! github.com/Pennyw0rth/Net…

What do you do if you have compromised a server administrator? Hunt for domain admins🏹 This is what NetExec's latest module "presence" does. It checks for DAs in: - C:\Users folder - Processes - Scheduled Tasks All done with native Windows protocols. Made by crosscutsaw and me

Ludushound shows the power of community driven innovation in cybersecurity. Beyviel David created an awesome tool to convert bloodhound data into a working lab in 🏟️ Ludus. Replicate complex live environments with automation - and get back to the fun stuff! specterops.io/blog/2025/07/1…

Thanks SpecterOps for this awesome site when using #bloodhound queries.specterops.io

My personal #defcon33 highlights: Better tools for GPO exploitation: media.defcon.org/DEF%20CON%2033… Critical vulns in Zscaler and Netskope: media.defcon.org/DEF%20CON%2033… Phishing on official Microsoft login: media.defcon.org/DEF%20CON%2033… SSH vulnerabilities: media.defcon.org/DEF%20CON%2033…

Glad to see my contribution to the community is paying off You can build the labs from here github.com/Pennyw0rth/Net…

I am back to posting to ADSecurity.org in my free time (which I have again). I plan on adding new content relating to Active Directory & Azure AD (now Entra ID). First up is "Entra & Azure Managed Access Revisited". This article expands on one I wrote years ago about

I know a lot of people will hate me for saying this but it has to be said. I get a lot of DMs saying RT is getting harder everyday, traditional loaders dont work anymore, opensource tools tend to crash or get detected instantly. But wasnt that the whole point of Red team? Thats

I can confirm there will be a Windows Active Directory lab at Barbhack 🏴‍☠️ This is an insane lab for the time allowed, be prepare and make sure your tools are up to date ! 🎯👿

Can’t wait for this

How to learn Active Directory… Step 1. Setup your own lab. Setup laps, applocker, logon scripts, CA server, sccm, exchange, file shares etc the whole nine Step 2. intentionally misconfigure it with tools like BadBlood and BadShares (I wrote this one) or just manually screw it

This PR from fulc2um github.com/fortra/impacke… implements Shadow RDP on Impacket, this is so fking cool omgggg

Time to crack some hashes : 16 GPUs in a cluster. Thanks #hashcat

Thrilled to share that the Star Wars NetExec lab I made for leHACK was fully automated by Aleem Ladha on Ludus/VWmare/VirtualBox🔥 Awesome lab with 2AD (rebels&empire), certificats, MSSQL trust, pre2k, and ofc gMSA 👾 Can you find the spy ? GitHub ➡️ github.com/Pennyw0rth/Net…

Thanks mpgn for creating this AD Star Wars lab made for leHACK the automation for this lab especially the user simulation part was interesting. Thanks leHACK #netexec and Bad Sector Labs for #Ludus for the quick range deployment and Mayfly for the ansible playbooks